Hardware module-based authentication in intra-vehicle networks

Abstract

A secure hardware-based module or Security Electronic Control Unit (SECU) for a Controller Area Network (CAN) prevents an attacker from sending malicious messages through the CAN bus to take over control of a vehicle. The SECU shares a unique key and counter with each ECU on the CAN bus. When a legitimate ECU sends a message, it first compresses the message and then generates a MAC of the counter and a secret key. The counter is increased by one for each transmitted message. The ECU then fits the compressed message and the MAC into one CAN frame and sends it onto the CAN bus. The SECU performs the message verification on behalf of the intended receiver(s) of the message. If the verification passes, the receiver(s) simply decompress the message and use it as a normal CAN message. If the verification fails, the SECU will corrupt the CAN frame before it is fully received by the intended receiver(s). The corrupted CAN frame will be ignored by the intended receiver(s) as if it was never received. Therefore, a malicious message generated by an attacker will inflict no damage on the system.

Description

BACKGROUND OF THE INVENTIONField of the Invention[0001]The present invention generally relates to security systems for Electronic Control Units (ECUs) particularly for use in Controller Area Networks (CANs) as used in vehicle communication systems and, more specifically, the invention is directed to a secure hardware-based module or Security ECU (SECU) for a Controller Area Network (CAN) to prevent an attacker from sending malicious messages through the CAN bus to take over a vehicle.Background Description[0002]The Controller Area Network (CAN) was invented by Bosch GmbH in order to provide reliable, fast communication between ECUs in automotive networks. However, it was not designed for security, and as such remains vulnerable to various attacks from both physical and wireless interfaces. Although the majority of cars are vulnerable to attacks through physical media, such as the On-Board Diagnostics (OBD-II) port, recent developments in automotive technology have made cars increasi...

AI Technical Summary

Benefits of technology

[0018]The addition of a secure hardware module (the SECU) onto the CAN bus. The hardware module can perform key distribution and message verification, and can destroy malicious messages before they are fully received by ECUs. The module significantly enhances the security of in-car network communications and reduces the overhead of key management. With the SECU, only software updates are required for existing ECUs. They only need to compute MACs, and they do not need to conduct verification. Therefore, delay and computation overhead on message verification are also reduced compared with traditional message authentication protocols.

[0019]6.673 million CAN messages are collected from various cars and entropy and pattern analysis were conducted of the messages. The CAN messages collectively have low entropy, with an average of 11.436 bits. This finding supports CAN message compression, which allows the message size to be significantly reduced to fit the message and its MAC within a single CAN frame, thus enabling fast authentication.

[0021]A new ECU synchronization process was developed to allow more efficient transfer of compression trees.

[0023]Experimental evaluation was conducted using the test bed. Evaluation results show that the invention can achieve real-time message authentication on the CAN bus with minimal latency.

Problems solved by technology

The hardware module can perform key distribution and message verification, and can destroy malicious messages before they are fully received by ECUs.

Images